194.63.248.52 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 194.63.248.52 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 70/100

Geographic Location

Host and Network Information

  • Country: Norway
  • Noticed: 42 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 443, 80
  • Tor Node: No

Tags

  • access type
  • active
  • added active
  • adversaries
  • allocates rwx
  • antivm network
  • attack
  • auto-generated security
  • bad traffic
  • borland delphi
  • ck id
  • click
  • copyright
  • create
  • createfilew
  • cve
  • cyber security
  • data
  • date
  • dead host
  • deletes self
  • delphi generic
  • desktop
  • empty hash
  • encrypt files
  • entries
  • entropy
  • error
  • et info
  • evader
  • execution
  • exe nolookup
  • false
  • filehashmd5
  • filehashsha1
  • file type
  • flag
  • france france
  • general
  • generic
  • genericread
  • genericwrite
  • germany germany
  • global
  • gmt flag
  • hkeyclassesroot
  • hkeycurrentuser
  • http header
  • hybrid
  • icons library
  • informative
  • inject
  • installs
  • intel
  • ioc
  • ipv4
  • learn
  • levelblue
  • link library
  • llc name
  • maas
  • malicious
  • md5 code
  • members
  • mirai
  • mitre att
  • modules
  • money doc
  • monitor
  • ms windows
  • name tactics
  • network icmp
  • Nextray
  • os2 executable
  • overlay
  • packer entropy
  • path
  • pe32
  • pe32 compiler
  • pe32 executable
  • pe features
  • persistence
  • pe unknown
  • phishing
  • proxy wpad
  • python
  • ransom
  • reevil
  • registry
  • regopenkeyexa
  • regopenkeyexw
  • regsetvalueexw
  • related pulses
  • remote
  • resource name
  • role title
  • russsian data
  • search
  • server
  • service
  • show
  • showing
  • strings
  • success
  • suspicious
  • tags
  • target
  • tcp traffic
  • tools
  • type indicator
  • ukraine ukraine
  • united
  • united kingdom
  • url http
  • url https
  • viet nam
  • virtualallocex
  • webview
  • win16 ne
  • win32 dynamic
  • win32 exe
  • windows

MITRE ATT&CK TTPs

  • T1012 - Query Registry
  • T1021 - Remote Services
  • T1035 - Service Execution
  • T1046 - Network Service Scanning
  • T1055 - Process Injection
  • T1060 - Registry Run Keys / Startup Folder
  • T1083 - File and Directory Discovery
  • T1112 - Modify Registry
  • T1140 - Deobfuscate/Decode Files or Information
  • T1179 - Hooking
  • T1181 - Extra Window Memory Injection
  • T1215 - Kernel Modules and Extensions
  • T1547 - Boot or Logon Autostart Execution
  • TA0002 - Execution
  • TA0003 - Persistence
  • TA0004 - Privilege Escalation
  • TA0005 - Defense Evasion
  • TA0008 - Lateral Movement
  • TA0009 - Collection
  • TA0010 - Exfiltration

Attack Log References

Whois Information

inetnum:         194.63.248.0 - 194.63.255.255
netname:         NO-DOMENESHOP
org:             ORG-DA421-RIPE
country:         NO
admin-c:         SS19786-RIPE
tech-c:          HH2777-RIPE
status:          ASSIGNED PI
mnt-by:          RIPE-NCC-END-MNT
mnt-by:          DOMENESHOP-MNT
mnt-routes:      DOMENESHOP-MNT
mnt-domains:     DOMENESHOP-MNT
created:         1970-01-01T00:00:00Z
last-modified:   2016-04-14T09:55:14Z

organisation:    ORG-DA421-RIPE
org-name:        Domeneshop AS
country:         NO
org-type:        LIR
address:         Christian Krohgs gate 16
address:         0186
address:         Oslo
address:         NORWAY
phone:           +4722943333
fax-no:          +4722943334
mnt-ref:         DOMENESHOP-MNT
mnt-ref:         RIPE-NCC-HM-MNT
mnt-by:          RIPE-NCC-HM-MNT
mnt-by:          DOMENESHOP-MNT
abuse-c:         HH2777-RIPE
created:         2012-06-07T11:55:20Z
last-modified:   2025-08-12T12:48:08Z
admin-c:         SS19786-RIPE

role:            Domeneshop Hostmaster
address:         Domeneshop AS
address:         Christian Krohgs gate 16
address:         0186 Oslo
address:         Norway
phone:           +47 22 94 33 33
fax-no:          +47 22 94 33 34
abuse-mailbox:   abuse@domeneshop.no
admin-c:         SS19786-RIPE
tech-c:          SS19786-RIPE
nic-hdl:         HH2777-RIPE
mnt-by:          DOMENESHOP-MNT
created:         1970-01-01T00:00:00Z
last-modified:   2021-03-06T09:54:48Z

person:          Stale Schumacher
address:         Domeneshop AS
address:         Christian Krohgs gate 16
address:         0186 Oslo
address:         Norway
phone:           +47 22 94 33 33
fax-no:          +47 22 94 33 34
nic-hdl:         SS19786-RIPE
mnt-by:          DOMENESHOP-MNT
created:         2012-06-07T12:47:02Z
last-modified:   2021-03-06T09:53:34Z

route:           194.63.248.0/24
descr:           DOMENESHOP
origin:          AS12996
mnt-by:          DOMENESHOP-MNT
created:         2021-11-21T11:39:58Z
last-modified:   2021-11-24T09:45:28Z